Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary...

CVE-2025-66035 Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

CVE-2025-65111

SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union + and that union references the same relation on both sides but one si...

org.keycloak.protocol.oidc.endpoints.LogoutEndpoint: Offline Session takeover due to reused Authentication Session ID

A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

CVE-2025-36134

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie...

CVE-2025-36134 IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie...

Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello

...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2025:4195-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4195-1 advisory. - Update Mozilla Thunderbird to version 140.5 bsc1253188 - CVE-2025-13012: Race condition in the...

AlmaLinux 9 : firefox (ALSA-2025:21280)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21280 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox:...

SUSE-SU-2025:4195-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Update Mozilla Thunderbird to version 140.5 bsc1253188 - CVE-2025-13012: Race condition in the Graphics component. - CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. - CVE-2025-13017: Same-orig...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.5.0 ESR bsc1253188 CVE-2025-13012: Race condition in the Graphics component. CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. CVE-2025-13017: Same-origi...

SUSE-SU-2025:4174-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Update to Firefox Extended Support Release 140.5.0 ESR bsc1253188 - CVE-2025-13012: Race condition in the Graphics component. - CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. - CVE-2025-13017:...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.5.0 ESR bsc1253188 CVE-2025-13012: Race condition in the Graphics component. CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. CVE-2025-13017: Same-origi...

SUSE-SU-2025:4173-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Update to Firefox Extended Support Release 140.5.0 ESR bsc1253188 - CVE-2025-13012: Race condition in the Graphics component. - CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. - CVE-2025-13017:...

Google Chrome < 4.3.61.21 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 4.3.61.21. It is, therefore, affected by multiple vulnerabilities as referenced in the 201505stable-channel-update19 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers ...

Google Chrome < 4.6.85.23 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 4.6.85.23. It is, therefore, affected by multiple vulnerabilities as referenced in the 201510stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to...

Google Chrome < 46.0.2490.71 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 46.0.2490.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 201510stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers t...

Google Chrome < 4.3.61.21 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 4.3.61.21. It is, therefore, affected by multiple vulnerabilities as referenced in the 201505stable-channel-update19 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to...

Google Chrome < 4.2.77.14 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 4.2.77.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update14 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to...

Google Chrome < 4.6.85.23 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 4.6.85.23. It is, therefore, affected by multiple vulnerabilities as referenced in the 201510stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to...